httpd-users mailing list archives

From "Darren S." <>
Subject [users@httpd] Re: Access control to allow local clients or remote with SSL client certificate
Date Fri, 16 Jun 2017 09:24:03 GMT
On Fri, Jun 16, 2017 at 1:59 AM, Darren S. <> wrote:
> Greetings,
> Running Apache 2.4.7 and current configuration limiting access to a
> directory to only clients that can provide a trusted client certificate.
> Server is SSL host. Would like to modify configuration to allow "local"
> clients (, etc. as defined by 'Require local' auth provider) to
> access the directory without authenticating with a client certificate. So
> the local host may access the directory without SSL client auth, but all
> others must authenticate with a client certificate or access is forbidden.
> What is the best/proper way to do this?
> I'd like to use modern directives (avoiding Allow, Deny, Order etc. from
> mod_access_compat) but I'm not clear how to combine Require related
> directives with mod_ssl options like SSLVerifyClient.

I ended up with this as a test; is this as easy as it should be?

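<VirtualHost _default_:443>
        DocumentRoot /var/www/app

        SSLEngine On
        SSLCertificateFile /etc/ssl/certs/server.crt
        SSLCertificateKeyFile /etc/ssl/private/server.key
        # CA used to validate client certificates
        SSLCACertificateFile "/etc/apache2/client-ca.crt"
        <Directory /var/www/app/webroot>
                # Ask for a client certificate but do not fail the handshake without one
                SSLVerifyClient optional
                SSLVerifyDepth 1
                Options -Indexes
                AllowOverride all
                # Bare Require lines in one section are implicitly RequireAny (either may match)
                Require ssl-verify-client
                Require local
        </Directory>
</VirtualHost>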

Darren Spruell
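
One way to confirm the policy in the message above behaves as intended (an added example, not part of the original post): with `SSLVerifyClient optional` a remote client without a certificate still completes the handshake, so the denial appears as an HTTP 403 from the `Require` lines. The function names, host names, URL path and certificate file names are assumptions; the URL must name a file that exists under /var/www/app/webroot.

```shell
#!/bin/sh
# Added example, not from the original message. All names, hosts and
# certificate files below are assumptions chosen for illustration.

# probe URL [curl options...] -> prints the HTTP status code (000 if TLS fails)
probe() {
    url=$1; shift
    # -k skips server certificate checks: only the access decision is under test
    curl -sk -o /dev/null -w '%{http_code}' "$@" "$url"
}

# expect LABEL WANT GOT -> prints PASS/FAIL, returns non-zero on mismatch
expect() {
    if [ "$2" = "$3" ]; then
        echo "PASS  $1 (HTTP $3)"
    else
        echo "FAIL  $1 (wanted $2, got $3)"; return 1
    fi
}

# verify_remote URL CERT KEY: run from a host that is NOT the server
verify_remote() {
    rc=0
    expect "remote, no client cert" 403 "$(probe "$1")" || rc=1
    expect "remote, trusted client cert" 200 \
        "$(probe "$1" --cert "$2" --key "$3")" || rc=1
    return $rc
}

# verify_local URL: run on the server itself (matches 'Require local')
verify_local() {
    expect "local, no client cert" 200 "$(probe "$1")"
}

# Usage:
#   verify_local  https://localhost/webroot/index.html
#   verify_remote https://www.example.com/webroot/index.html client.crt client.key
```

If the server sits behind a reverse proxy on the same machine, every proxied request arrives from a local address and satisfies `Require local`, so run the remote check through the same path real clients use.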
